|Number of vulnerabilities||1|
|Public exploit||Public exploit code for vulnerability #1 is available.|
Hardware solutions / Other hardware appliances
|Vendor||Crestron Electronics, Inc.|
This security bulletin contains one high risk vulnerability.
CWE-77 - Command injection
Exploit availability: NoDescription
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to a lack of input validation in the Bash Command Substitution on the "ping" command parameters. A remote attacker can execute arbitrary commands on the device on behalf of the root user.Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?